Technology.Life.Insight.

The XenApp (XA) brand was a name change that continues the Citrix Presentation Server (CPS) product line. CPS 4.5 for Server 2003 ended and XenApp 5 for Server 2008 x86 began. Citrix has recently released XA 6 which is 64-bit and designed to run on Server 2008 R2. Citrix Essentials, the scaled down SMB product, was renamed to Citrix Fundamentals (XAF). XAF is akin to XA 5 functionally for all intensive purposes. XenApp 5 and 6 come in Advanced, Enterprise, and Platinum flavors, each unlocking different features.

XAF is targeted for small to medium enterprises that need only a maximum of 75 named users. That is the main drawback, concurrent licensing is not available on this platform. The idea is simplicity and XAF achieves that goal handily while providing a full XA experience. When installing XAF you are presented with 2 installation types: application or DMZ (secure gateway). The intended design is for the Secure Gateway to sit in a firewalled DMZ (single-hop) and point to the application server sitting on the LAN inside.

Installing the application server piece is incredibly simple with the installer taking care of everything including all prerequisites. Make sure to enable Remote Desktop Services prior to install with all licensing requirements taken care of.

Once the “Set Up Server” wizard launches, you have a choice to configure a stand-alone server or a server group. Advanced mode can be enabled now or later which unlocks user profile management, load balancing, and server failover. The advanced features rely heavily upon Active Directory and currently only Server 2008 R1 functional-level domains are supported. The OU structure will be created in 2008 R2 domains but the advanced mode initialization will ultimately fail. Citrix is aware of the issue and says that we should see some kind of fix in 2-3 weeks.

Once setup completes, launch the Quick Start tool and add your license file. I am using evaluation licenses provided by Citrix for this trial.

The Quick Start tool walks you through the steps to get your sever up and running, including publishing apps, linking up with the Secure Gateway (if you choose), publishing printers, and delegating administrative access. Application installations work just like any other terminal server install, start up “install app in TS-mode” and install. Then the application can be published, assigned to user groups/ servers, associated with file types, and appearance controlled. You can open the familiar Citrix Access Management console at any time to complete any of these tasks.

Performance optimizations can be set at the farm or server levels and include Session Reliability, CPU/Memory Optimization, etc.

Configuring the gateway consists of specifying the FQDN it will respond to on the internet and the address of the internal Citrix application server. You can generate a temporary SSL certificate but you’ll have to install the cert and add the issuer as a trusted publisher before your applications will be usable. I opted to use a free comodo cert instead. The last step is opening TCP/1080 through your firewall from your DMZ server to your internal application server. That’s it.

The Secure Gateway has its own Web Interface which can be customized in appearance as well. Additionally you can choose which plugins to publish and whether or not the native plugin should be preferred. All of the other Web Interface options are available here as well.

The default login form is clean and simple. Domain names can be required to login using a UPN or domain\username formats. Assuming the domain name that resolves to your Secure Gateway does not have the same name as your internal domain, this can add some easy additional security.

Once authenticated, if you don’t have the Citrix client you will be directed to a screen where you can download and install it before you continue. Once installed you will be presented with your published applications. Access to your enterprise is now a click away.

Performance is very good and there are no issues running the entire solution in a virtual environment. Application Isolation as it was known in CPS is gone in XenApp, replaced by Application Streaming. This feature is only available in the Enterprise and Platinum versions. After my environment was set up, anytime I closed an app I also saw the Server 2008 logoff screen. While not a huge deal this disturbs the seamless Citrix user experience. To get around this I added a logoff script to the user portion of my terminal server baseline GPO. Create a .bat file and put the following in it, no more logoff screens:

tsdiscon %sessionname%

Licensing is roughly $100 per concurrent user for XAF, plus the TS CAL, plus any applicable application licensing. Definitely not a cheap solution, especially since Server 2008 includes Remote Apps by default. Like most out-of-the-box Microsoft solutions what they give you is adequate but if you want all the bells and whistles you have to go third-party. I plan to completely replace my legacy Cisco VPN solution with Citrix as well as provide an environment to run applications with Windows7 compatibility problems. Home user PCs and whatever nightmares they harbor will stay in their homes. Citrix provides a secure, reliable, and rich user experience that will ultimately reduce support calls and make application maintenance easier.

As with any terminal server environment, the challenges will come with publishing apps and ensuring that users have access to all the proper resources. I ran into another issue publishing Office 2003 SP3 to satisfy a companion legacy reporting application. Not having any application isolation options to publish Office 2003 along side 2007, I decided to publish Office 2003 with the 2007 compatibility pack. Office itself worked fine but to get the compatibility pack converters to work I had to use some trickery. wordconv.exe as well as the excel and ppt converters had to be added to the DEP exception list. I also had to enable compatibility mode for all users on the core executables themselves (winword.exe, etc). With these changes in place I was able to open and edit 2007 file formats without issue. All told I’m very pleased with XAF and if they fix the advanced mode compatibility issues with 2008 R2 domains I’ll be ecstatic. If anything pushes me towards XA Enterprise though, it will be application streaming.